Multiplication

ABSTRACT

A device includes a memory, which, in operation, stores one or more look-up tables, and cryptographic circuitry coupled to the memory. The cryptographic circuitry, in operation, multiplies first data masked with a first mask by second data masked with a second mask, and protects the first data and the second data during the multiplying. The multiplying and protecting includes remasking the first data with a third mask, remasking the second data with a fourth mask, executing one or more compensation operations using one or more of the one or more look-up tables, and generating third data masked with a fifth mask. The fifth mask is independent of the first, second, third, and fourth masks. The third data corresponds to the first data multiplied by the second data.

BACKGROUND Technical Field

The present disclosure generally concerns the protection of binary dataand the protection of operations capable of being applied to such binarydata. The present disclosure more particularly concerns theimplementation of a multiplication of masked binary data carried out insecure fashion.

Description of the Related Art

During the use of critical data, the data is masked during processing byan electronic device, such as a processor.

BRIEF SUMMARY

In an embodiment, a method comprises multiplying, using an electronicdevice, first data masked with a first mask by second data masked with asecond mask, and protecting the first data and the second data duringthe multiplying. The multiplying and protecting includes: remasking thefirst data with a third mask; remasking the second data with a fourthmask; executing one or more compensation operations using one or morelook-up tables; and generating third data masked with a fifth mask. Thefifth mask is independent of the first, second, third, and fourth masks.The third data corresponds to the first data multiplied by the seconddata.

In an embodiment, a device includes a memory, which, in operation,stores one or more look-up tables, and cryptographic circuitry coupledto the memory. The cryptographic circuitry, in operation, multipliesfirst data masked with a first mask by second data masked with a secondmask, and protects the first data and the second data during themultiplying. The multiplying and protecting includes remasking the firstdata with a third mask, remasking the second data with a fourth mask,executing one or more compensation operations using one or more of theone or more look-up tables, and generating third data masked with afifth mask. The fifth mask is independent of the first, second, third,and fourth masks. The third data corresponds to the first datamultiplied by the second data.

In an embodiment, a system comprises an application processor, which, inoperation, executes one or more applications, and cryptographiccircuitry coupled to the application processor. The cryptographiccircuitry, in operation, multiplies first data masked with a first maskby second data masked with a second mask, and protects the first dataand the second data during the multiplying. The multiplying andprotecting includes: remasking the first data with a third mask;remasking the second data with a fourth mask; executing one or morecompensation operations using one or more look-up tables; and generatingthird data masked with a fifth mask. The fifth mask is independent ofthe first, second, third, and fourth masks. The third data correspondsto the first data multiplied by the second data.

In an embodiment, a non-transitory computer-readable medium's contentsconfigure cryptographic circuitry to perform a method. The methodcomprises multiplying first data masked with a first mask by second datamasked with a second mask, and protecting the first data and the seconddata during the multiplying. The multiplying and protecting includes,remasking the first data with a third mask, remasking the second datawith a fourth mask, executing one or more compensation operations usingone or more look-up tables, and generating third data masked with afifth mask. The fifth mask is independent of the first, second, third,and fourth masks. The third data corresponds to the first datamultiplied by the second data. In an embodiment, the contents comprisethe one or more look-up tables. In an embodiment, the contents compriseinstructions executed by the cryptographic circuitry.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

The foregoing features and advantages, as well as others, will bedescribed in detail in the following description of specific embodimentsgiven by way of illustration and not limitation with reference to theaccompanying drawings, in which:

FIG. 1 very schematically shows in the form of blocks an example of anelectronic device to which the embodiments may apply;

FIG. 2 very schematically shows in the form of blocks the implementationof a binary data masking operation;

FIG. 3 very schematically shows in the form of blocks an implementationmode of a secure operation of multiplication of masked data;

FIG. 4 very schematically shows in the form of blocks a more detailedimplementation mode of a secure operation of multiplication of maskeddata;

FIG. 5 very schematically shows in the form of blocks another moredetailed implementation mode of a secure operation of multiplication ofmasked data; and

FIG. 6 very schematically shows in the form of blocks another moredetailed implementation mode of a secure operation of multiplication ofmasked data.

DETAILED DESCRIPTION

Like features have been designated by like references in the variousfigures. In particular, the structural and/or functional features thatare common among the various embodiments may have the same referencesand may dispose identical structural, dimensional and materialproperties.

For the sake of clarity, only the steps and elements that are useful foran understanding of the embodiments described herein have beenillustrated and described in detail.

Unless indicated otherwise, when reference is made to two elementsconnected together, this signifies a direct connection without anyintermediate elements other than conductors, and when reference is madeto two elements coupled together, this signifies that these two elementscan be connected or they can be coupled via one or more other elements.

In the following disclosure, unless otherwise specified, when referenceis made to absolute positional qualifiers, such as the terms “front,”“back,” “top,” “bottom,” “left,” “right,” etc., or to relativepositional qualifiers, such as the terms “above,” “below,” “upper,”“lower,” etc., or to qualifiers of orientation, such as “horizontal,”“vertical,” etc., reference is made to the orientation shown in thefigures.

Unless specified otherwise, the expressions “around,” “approximately,”“substantially” and “in the order of” signify within 10%, within 5%.

FIG. 1 very schematically shows in the form of blocks an example of anelectronic device 100 to which the embodiments described may apply.

Device 100 is an electronic device adapted to processing data. Device100 comprises at least one processor 101 (μM1), or microprocessoradapted to processing control signals and to implementing one or aplurality of software programs. Electronic device 100 further comprisesone or a plurality of memory devices 102 (MEM1) having data andinstructions stored therein. Device 100 may comprise memory devices 102of different types, for example, one or a plurality of read-onlymemories, one or a plurality of volatile memories, one or a plurality ofrewritable non-volatile memories, etc., or combinations thereof.

Further, and for the implementation of the embodiments described inrelation with FIGS. 3 to 6 , device 100 is particularly adapted toprocessing secret data, and more precisely masked data. For thispurpose, device 100 may use processor 101 and memory device(s) 102, butdevice 100 may further comprise a secure portion 103 formed of a or of aportion of a processor 104 and of a portion of one or a plurality ofmemory devices 105 (MEM2). The masking type used to implement theembodiments described in relation with FIGS. 3 to 6 is described inrelation with FIG. 2 .

The different processors 101 and 104 and the different memory devices102 and 105 of device 100 may communicate together, for example, via oneor a plurality of computer buses 106.

According to another example, another type of electronical device, towhich the embodiments described in relation with FIGS. 3 to 6 , forexample, may apply, is a cryptographic accelerator. A cryptographicaccelerator is an electronical device, for example similar to acalculator, to a secondary processor or a secondary microprocessor, towhich the use is specifically dedicated to the execution of operation,algorithm, and/or calculus associated to cryptography and/or datacyphering.

FIG. 2 schematically shows in the form of blocks the implementation ofan operation of masking 200 (MASK) of binary data X with a mask MX.

Masking operation 200 enables to perform a secure processing of data byciphering them with other binary data used as a mask. There existdifferent types of data masking, but in the example embodimentsdescribed hereafter, the used masking is a masking using a logicEXCLUSIVE OR-type (XOR) operation.

Thus, masking operation 200 implements a masking operation by using thefollowing mathematical formula:

X′=X xor MX  Math 1

wherein:

-   -   operator xor designates the EXCLUSIVE OR logic operation;    -   X is the binary data to be masked;    -   MX is the binary data used as a mask; and    -   X′ is the masked binary data.

Further, an unmasking operation enabling to return data X from the dataX′ masked with mask MX applies the same operation as a maskingoperation. Indeed, masking masked data X′ with mask MX amounts tocanceling the first operation. In other words, an unmasking operationuses the following mathematical formula:

X=X′xor MX  Math 2

FIG. 3 schematically shows in the form of blocks an embodiment of asecure operation of multiplication of two masked pieces of data A′ andB′.

The secure multiplication operation is represented by a block 250(MULTI). In the following, the secure multiplication operation is calledoperation 250. The secure multiplication operation is, for example, atwo by two bits multiplication operation. Operation 250 receives as aninput:

-   -   masked binary data A′ corresponding to binary data A masked with        a mask MA;    -   masked binary data B′ corresponding to binary data B masked with        a mask MB;    -   optionally, internal masks RA and RB intended to mask data A′        and B′; and    -   optionally, an output mask MC intended to mask the result data.

According to an example, all the masks used by operation 250, namelymasks MA, RA, MB, RB, and MC are generated during a prior calculuscycle. It allows to modify the result of the multiplication at eachcalculus cycle. Masks MA and MB are, typically, dependents of othermasks used during the prior cycle. According to another example,operation 250 does not need being supplied with masks RA, RB, and MC andgenerates them itself.

Operation 250 outputs masked binary data C′ corresponding to data Cmasked with output mask MC.

According to an embodiment, operation 250 performs a secure operation ofmultiplication of the input masked data, that is, data A′ and B′, andoutputs masked data, that is, data C′, corresponding to themultiplication of the unmasked input data, that is, data A and B, andmasked with an output mask, that is, mask MC, independent from all thepreviously-used masks, that is, masks MA, MB. Thus, output masked dataC′ are given by the following mathematical formula:

C′=(A·B)xor MC  Math 3

where operator · designates the logic multiplication operation.

Further, and according to an embodiment, operation 250 performs thesecure operation of multiplication of masked data, here, data A′ and B′,by modifying the initial masks, that is, masks MA and MB, of these data,and by replacing them with internal masks, here masks RA and RB.

To obtain this result, operation 250 implements a plurality ofsub-operations, among which:

-   -   the implementation of a conventional multiplication, or        conventional multiplication operation;    -   one or a plurality of compensation operations and of        corrections;    -   one or a plurality of combination operations; and    -   one or a plurality of data masking and unmasking operations, or        sub-operations or steps.

The compensation and correction operation(s) enable to remove at leastone term depending on masks MA, MB, RA, or RB from the result of theconventional operation of multiplication of masked data A′ and B′.Detailed examples of such operations are described in relation withFIGS. 4 to 6 .

According to an embodiment, these operations are all implemented by oneor a plurality of lookup tables.

These operations, sub-operations, or steps, may be combined andimplemented in several different ways, in various orders. Three detailedembodiments are described in relation with FIGS. 4 to 6 . Otherembodiments may be envisaged by those skilled in the art based on theexplanations provided herein and hereafter.

FIG. 4 schematically shows in the form of blocks a detailedimplementation mode of a secure multiplication operation 300 of the typeof the multiplication operation 250 described in relation with FIG. 3 .

In FIG. 4 , secure multiplication operation 300 receives as an inputmasked data a′ and masked data b′, and their masks Ma and Mb, which arelinked by the following formulas:

$\begin{matrix}\left\{ \begin{matrix}{a^{\prime} = {a{xor}{Ma}}} \\{b^{\prime} = {b{xor}{Mb}}}\end{matrix} \right. & {{Math}5}\end{matrix}$

wherein:

-   -   a is the unmasked data a′; and    -   b is the unmasked data b′.

Secure multiplication operation 300 comprises:

-   -   an operation 301 of multiplication of the input data;    -   two compensation operations 302 and 303;    -   two correction operations 304 and 305; and    -   a combination operation 306.

According to an embodiment, each operation 301 to 305 is implemented bya lookup table. Further, each of operations 301 to 305 comprises maskingand unmasking sub-operations or steps.

Multiplication operation 301 receives as an input masked data a′ and b′and outputs masked data c xor Mi1. Operation 301 is formed of the fourfollowing sub-operations, or steps:

-   -   a masking and unmasking sub-operation or step 3011 (Ra);    -   a multiplication sub-operation 3012 (MUL);    -   a masking and unmasking sub-operation or step 3013 (Rb); and    -   a masking sub-operation or step 3014 (Mi1).

Masking and unmasking sub-operations 3011 and 3013 receive input data a′and b′ and their masks Ma and Mb. Sub-operations 3011 and 3013 areadapted to modifying the masks of the data that they receive. Inpractice, sub-operations 3011 and 3013 unmask the data and then maskthen again with a different mask, in this order or in the reverse order.More particularly, sub-operation 3011 modifies the initial mask Ma ofdata a′ into an internal mask Ra and outputs data a xor Ra.

Similarly, sub-operation 3013 modifies the initial mask Mb of data b′into an internal mask Rb and outputs data b xor Rb. According to analternative embodiment, sub-operations 3011 and 3013 may be previouslycarried out before the implementation of operation 301.

Sub-operation 3012 receives as an input the output data ofsub-operations 3011 and 3013 and performs their multiplication.Sub-operation 3012 outputs data c having the following expression:

c=(a xor Ra)·(b xor Rb)=(a·b)xor(a·Rb)xor(b·Ra)xor(Ra·Rb)  Math 6

Masking sub-operation 3014 receives as an input data c, and outputs datac xor Mi1 corresponding to data c masked with an intermediate mask Mi1.This operation enables to protect the output data of operation 301, andbefore the implementation of operation 302.

Compensation operation 302 receives as an input masked data c xor Mi1and b′, and outputs masked data d xor Mi2 xor Ra·Rb. Operation 302 isformed of four following sub-operations, or steps:

-   -   an unmasking sub-operation 3021 (Mi1);    -   a compensation sub-operation 3022 (COMP-b);    -   a mask change sub-operation 3023 (Rb) identical to the        sub-operation 3013 of operation 301; and    -   a masking sub-operation 3024 (Mi2).

Unmasking sub-operation 3021 receives as an input data c xor Mi1 andunmasks it to output data c.

Sub-operation 3023 receives as an input masked data b′, and outputsmasked data b xor Rb.

Sub-operation 3022 receives as an input the output data ofsub-operations 3021 and 3023. Sub-operation 3012 outputs data d havingthe following expression:

d=c xor((b xor Rb)·Ra)xor f(b xor Rb xor Mb)  Math 7

where f is a function enabling to add a correction term enabling toavoid too fast an implementation of sub-operation 3022.

By replacing c with its previously-disclosed expression, and byperforming a few simplifications, the expression of data d is thefollowing:

d=(a·b)xor(a·Rb)xor f(b′xor Rb)  Math 8

Function f is more particularly a function enabling to avoid an unwantedsimplification between the multiplication operation and the EXCLUSIVE ORoperation. Such a simplification would result in too fast animplementation of sub-operation 3022. Too fast an implementation of asub-operation might make operation 300 unreliable, since anill-intentioned person might recognize the used operations and data.Function f is a function verifying the following inequality:

f(11)≠11  Math 9

where 11 is the binary representation of number 3.

According to an example, function f implements a function sqk defined bythe following mathematical formula:

sqk(x)=N·x ²  Math 10

wherein:

-   -   N is a scalar define in the way that sqk(x)=y, with x=x1x0 (x0        being the less significant bit, and x1 the most significant bit)        and y=y1y0 (y0 being the less significant bit, and y1 the most        significant bit), results in y1=x0 and y0=x0 xor x1;    -   x² corresponds to the result of the operation x·x.

Masking sub-operation 3024 receives as an input data d and outputs datad xor Mi2 xor Ra·Rb corresponding to data d masked with an intermediatemask Mi2 xor Ra·Rb.

Operation 303 receives as an input masked data d xor Mi2 xor Ra·Rb anda′, and outputs masked data e xor Mi3. Operation 303 is formed of thefour following sub-operations, or steps:

-   -   an unmasking sub-operation 3031 (Mi1);    -   a compensation sub-operation 3032 (COMP-a);    -   a mask change sub-operation 3033 (Ra) identical to the        sub-operation 3011 of operation 301; and    -   a masking sub-operation 3034 (Mi3).

Unmasking operation 3031 receives as an input data d xor Mi2 xor Ra·Rband unmasks it to output data d xor Ra·Rb.

Sub-operation 3033 receives as an input masked data a′, and outputs maskdata a xor Ra.

Sub-operation 3032 receives as an input the output data ofsub-operations 3031 and 3033. Sub-operation 3032 outputs data e havingthe following expression:

e=d xor Ra·Rb xor((a xor Ra)·Rb)xor f(a xor Ra xor Ma)  Math 11

By replacing d with its previously-disclosed expression and byperforming a few simplifications, the expression of data e is thefollowing:

e=(a·b)xor f(b xor Rb xor Mb)xor f(a xor Ra xor Ma)  Math 12

Masking sub-operation 3034 receives as an input data e, and outputs datae xor Mi3 corresponding to data e masked with a mask Mi3, that is,masked data e xor Mi3.

Compensation operations 302 and 303 enable to remove the terms a·Rb,b·Ra, and Ra·Rb present in the data c resulting from operation 301.

Operations 304 and 305 are correction operations enabling to remove thecorrective terms of data e.

Operation 304 receives as an input masked data a′, and outputs maskedcorrective term f(a′ xor Ra) xor Mi4. Operation 304 is formed of thefour following sub-operations, or steps:

-   -   a masking sub-operation 3041 (Ra);    -   a sub-operation of application of function f 3042 (f); and    -   a masking sub-operation 3043 (Mi4).

Sub-operation 3041 masks mask data a′ with internal mask Ra.Sub-operation 3041 outputs masked data a′ xor Ra.

Sub-operation 3042 applies function f to data a′ xor Ra, and outputscorrective term f(a′ xor Ra).

Sub-operation 3043 masks corrective term f(a′ xor Ra) with anintermediate mask Mi4. Sub-operation 3041 outputs masked data f(a′ xorRa) xor Mi4.

Operation 305 receives as an input masked data b′, and outputs maskedcorrective term f(b′ xor Ra) xor Mi4. Operation 304 is formed of thefour following sub-operations, or steps:

-   -   a masking sub-operation 3051 (Rb);    -   a sub-operation of application of function f 3052 (f); and    -   a masking sub-operation 3053 (Mi4).

Sub-operation 3051 masks masked data b′ with internal mask Rb.Sub-operation 3051 outputs masked data b′ xor Rb.

Sub-operation 3052 applies function f to data b′ xor Rb, and outputscorrective term f(b′ xor Rb).

Sub-operation 3053 masks corrective term f(b′ xor Rb) with anintermediate mask Mi4. Sub-operation 3051 outputs masked data f(b′ xorRb) xor Mi4.

Combination operation 306 receives as an input the output data ofoperations 303, 304, and 305 and combines them to obtain the finalresult data of secure multiplication operation 300. For this purpose,operation 306 performs an EXCLUSIVE OR operation of all the data that itreceives, more precisely the final result data are given by thefollowing mathematical formula:

e xor Mi3xor f(a′xor Ra)xor Mi4xor f(b′xor Rb)xor Mi4  Math 13

By replacing e with its previously-disclosed expression and byperforming a few simplifications, the expression of the final resultdata is the following:

(a·b)xor Mi4  Math 14

Thus, and as described in relation with FIG. 2 , operation 300 outputsdata corresponding to the multiplication of the unmasked input data,here data a and b, and masked with a mask, here mask Mi4, independentfrom the masks of the input data.

An advantage of this implementation mode is that all the operations areimplemented by a lookup table and that all the compensation operationshave the same duration of implementation. This enables to protect thesecure multiplication operation against timing-type attacks where anill-intentioned user is capable of deducing from the time of computationof an operation the data processed by the operation.

FIG. 5 schematically shows in the form of blocks a detailedimplementation mode of a secure multiplication operation 400 of the typeof the multiplication operation 250 described in relation with FIG. 3 .

The secure multiplication operation 400 has elements common with thesecure multiplication operation 300 described in relation with FIG. 4 .These common elements are not described again herein, and only thedifferences between operations 300 and 400 are highlighted.

In FIG. 5 , and as in FIG. 4 , secure multiplication operation 400receives as an input masked data a′ and masked data b′, and their masksMa and Mb, which are linked by the following formula:

$\begin{matrix}\left\{ \begin{matrix}{a^{\prime} = {a{xor}{Ma}}} \\{b^{\prime} = {b{xor}{Mb}}}\end{matrix} \right. & {{Math}15}\end{matrix}$

wherein:

-   -   a is the unmasked data a′; and    -   b is the unmasked data b′.

Secure multiplication operation 400 comprises:

-   -   the operation 301 of multiplication of the input data already        described in relation with FIG. 4 ;    -   a single compensation operation 402;    -   two correction operations 304 and 305 already described in        relation with FIG. 4 ; and    -   two combination operations 406 and 407.

According to an embodiment, each operation 301, 402, 304, 305, 406, and407 is implemented by a lookup table. Further, each of operations 301,402, 304, 305, 406, and 407 comprises masking and unmaskingsub-operations, or steps.

As described in relation with FIG. 4 , operation 301 takes as an inputdata a′, b′, Ma, and Mb and outputs masked data c xor Mi1 having theirexpression given by the following formula:

c xor Mi1=(a·b)xor(a·Rb)xor(b·Ra)xor(Ra·Rb)xor Mi1  Math 16

Compensation operation 402 combines the combination operations 302 and303 described in relation with FIG. 4 . Compensation operation 402 takesas an input data a′, b′, Ma, and Mb and outputs masked data g xor Mi2.Operation 402 is formed of the four following sub-operations, or steps:

-   -   a mask change operation 4021 (Ra) identical to the sub-operation        3011 of operation 301;    -   a compensation sub-operation 4022 (COMP-ab);    -   a mask change sub-operation 4023 (Rb) identical to the        sub-operation 3013 of operation 301; and    -   a masking sub-operation 4024 (Mi2).

Sub-operation 4021 receives as an input masked data a′ and outputsmasked data a xor Ra.

Sub-operation 4023 receives as an input masked data b′, and outputsmasked data b xor Rb.

Sub-operation 4022 receives as an input the output data ofsub-operations 4021 and 4023. Sub-operation 3012 outputs data g havingthe following expression:

g=(a xor Ra)·Rb xor f(a xor Ra xor Ma)xor(b xor Rb)·Ra xor f(b xor Rbxor Mb)  Math 17

where f is the function defined in relation with FIG. 4 .

By performing a few simplifications, the expression of data g is thefollowing:

g=a·Rb xor f(a xor Ra xor Ma)xor b·Ra xor f(b xor R xor Mb)  Math 18

Masking sub-operation 4024 receives as an input data g and outputs datag xor Mi2 xor Ra·Rb corresponding to data g masked with an intermediatemask Mi2 xor Ra·Rb.

Compensation operations 402 enables to remove the terms a·Rb, b·Ra, andRa·Rb present in the data c resulting from operation 301.

Combination operation 406 receives the output data of operations 301 and402 and applies thereto an EXCLUSIVE OR type operation to deliver maskeddata h xor Mi1 xor Mi2 where Mi1 xor Mi2 is the mask. Masked data h xorMi1 xor Mi2 are provided by the following mathematical formula:

h xor Mi1xor Mi2=c xor Mi1xor g xor Mi2xor Ra·Rb  Math 19

By replacing c and g with their previously-disclosed expressions, and byperforming a few simplifications, the expression of masked data h xorMi1 xor Mi2 is the following:

h xor Mi1xor Mi2=(a·b)xor f(a xor Ra xor Ma)xor f(b xor Rb xor Mb)xorMi1xor Mi2  Math 20

Operations 304 and 305 receive as an input, respectively, masked data a′and b′ and respectively deliver masked data f(a′ xor Ra) xor Mi4 andf(b′ xor Rb) xor Mi4.

As described in relation with FIG. 4 , combination operation 407receives as an input the output data of operations 406, 304, and 305 andcombines them to obtain the final result data of the securemultiplication operation 400. For this purpose, operation 407 performsan EXCLUSIVE OR operation of all the data that it receives, moreprecisely the final result data are given by the following mathematicalformula:

h xor Mi1xor Mi2xor f(a′xor Ra)xor Mi4xor f(b′xor Rb)xor Mi4  Math 21

By replacing h with its previously-disclosed expression and byperforming a few simplifications, the expression of the final resultdata is the following:

(a·b)xor Mi1xor Mi2  Math 22

Thus, and as described in relation with FIG. 3 , operation 400 outputsdata corresponding to the multiplication of the unmasked input data,here data a and b, and masked with a mask independent from the masks ofthe input data, here mask Mi1 xor Mi2.

Operation 500 has the same advantages as the operation 300 described inrelation with FIG. 4 .

FIG. 6 schematically shows in the form of blocks a detailedimplementation mode of a secure multiplication operation 500 of the typeof the multiplication operation 250 described in relation with FIG. 3 .

The secure multiplication operation 500 has elements common with thesecure multiplication operation 300 described in relation with FIG. 4 .These common elements are not described again herein, and only thedifferences between operations 300 and 500 are highlighted.

In FIG. 6 , secure multiplication operation 500 receives as an inputmasked data a′ and masked data b′, and their masks Ma and Mb, which arelinked by the following formulas:

$\begin{matrix}\left\{ \begin{matrix}{a^{\prime} = {a{xor}{Ma}}} \\{b^{\prime} = {b{xor}{Mb}}}\end{matrix} \right. & {{Math}23}\end{matrix}$

wherein:

-   -   a is the unmasked data a′; and    -   b is the unmasked data b′.

Secure multiplication operation 500 comprises:

-   -   the operation 301 of multiplication of the input data already        described in relation with FIG. 4 ;    -   two compensation operations 502 and 503;    -   two correction operations 304 and 305 already described in        relation with FIG. 4 ; and    -   a combination operation 506.

According to an embodiment, each operation 301, 502, 503, 304, 305, and506 is implemented by a lookup table. Further, each of operations 301,502, 503, 304, 305, and 506 comprises masking and unmaskingsub-operations, or steps.

As described in relation with FIG. 4 , operation 301 takes as an inputdata a′, b′, Ma, and Mb and outputs masked data c xor Mi1 having theirexpression given by the following formula:

c xor Mi1=(a·b)xor(a·Rb)xor(b·Ra)xor(Ra·Rb)xor Mi1  Math 24

Operation 502 receives as an input masked data b′ and outputs maskeddata j xor Mi2 xor Ra·Rb. Operation 502 is formed of the three followingsub-operations or steps:

-   -   a mask change sub-operation 5021 (Rb) identical to the        sub-operation 3013 of operation 301;    -   a compensation sub-operation 5022 (COMP-b); and    -   a masking sub-operation 5023 (Mi2).

Sub-operation 5021 receives as an input masked data b′, and outputsmasked data b xor Rb.

Sub-operation 5022 receives as an input the output data of sub-operation5021. Sub-operation 5022 outputs data j having the following expression:

j=((b xor Rb)·Ra)xor f(b xor Rb xor Mb)  Math 25

where f is the function defined in relation with FIG. 4 .

By performing a few simplifications, the expression of data j is thefollowing:

=(b·Ra)xor(Ra·Rb)xor(a·Rb)xor f(b′xor Rb)  Math 26

Masking sub-operation 5023 receives as an input data j and outputs dataj xor Mi2 xor Ra·Rb corresponding to data j masked with an intermediatemask Mi2 xor Ra·Rb.

Operation 503 receives as an input masked data a′ and outputs maskeddata k xor Mi3. Operation 503 is formed of the three followingsub-operations or steps:

-   -   a mask change operation 5023 (Ra) identical to the sub-operation        3011 of operation 301;    -   a compensation sub-operation 5032 (COMP-a); and    -   a masking sub-operation 5033 (Mi3).

Sub-operation 5031 receives as an input masked data a′, and outputsmasked data a xor Ra.

Sub-operation 5032 receives as an input the output data of sub-operation5031. Sub-operation 5032 outputs data k having the following expression:

k=((a xor Ra)·Rb)xor f(a xor Ra xor Ma)  Math 27

where f is the function defined in relation with FIG. 4 .

By performing a few simplifications, the expression of data k is thefollowing:

k=(a·Rb)xor(Ra·Rb)xor(b·Ra)xor f(a′xor Ra)  Math 28

Masking sub-operation 5033 receives as an input data k, and outputs datak xor Mi3 corresponding to data k masked with an intermediate mask Mi3.

Compensation operations 502 and 503 enable to remove the terms a·Rb,b·Ra, and Ra·Rb present in the data c resulting from operation 301.

As described in relation with FIG. 4 , operations 304 and 305 receive asan input, respectively, masked data a′ and b′ and respectively delivermasked data f(a′ xor Ra) xor Mi4 and f(b′ xor Rb) xor Mi4.

Combination operation 506 receives as an input the output data ofoperations 301, 502, 503, 304, and 305 and combines them to obtain thefinal result data of the secure multiplication operation 500. For thispurpose, operation 506 performs an EXCLUSIVE OR operation of all thedata that it receives, more precisely the final result data are given bythe following mathematical formula:

c xor Mi1xor j xor Mi2xor Ra·Rb xor k xor Mi3xor f(a′xor Ra)xor Mi4xorf(b′xor Rb)xor Mi4  Math 29

By replacing data c, j, and k with their respective previously-disclosedexpressions and by performing a few simplifications, the expression ofthe final result data is the following:

(a·b)xor Mi1xor Mi2xor Mi3  Math 30

Thus, and as described in relation with FIG. 2 , operation 500 outputsdata corresponding to the multiplication of the unmasked input data,here data a and b, and masked with a mask independent from the masks ofthe input data, here mask Mi1 xor Mi2 xor Mi3.

Operation 500 has the same advantages as the operation 300 described inrelation with FIG. 4 .

Various embodiments and variants have been described. Those skilled inthe art will understand that certain features of these variousembodiments and variants may be combined, and other variants will occurto those skilled in the art. In particular, other embodiments of secureoperations are within the abilities of those skilled in the art, who mayimagine other orders of the operations of the secure operation.

Finally, the practical implementation of the described embodiments andvariations is within the abilities of those skilled in the art based onthe functional indications given hereabove.

Operation of multiplication (250; 300; 400; 500) may be summarized asincluding multiplication of first data (A′; a′) masked with a first mask(MA; Ma) and of second data (B′; b′) masked with a second mask (MB; Mb),wherein: the first mask (MA; Ma) is replaced with a third mask (RA; Ra)and the second mask is replaced with a fourth mask (RB; Rb); themultiplication operation (250; 300; 400; 500) including at least onefirst compensation operation (302, 303; 402; 502, 503) implemented by atleast one first lookup table; and the result data (C′) of saidmultiplication operation (250; 300; 400; 500) are third datacorresponding to the multiplication of the first unmasked data (A; a)and of the second data (B; b) masked with a fifth mask (MC; Mc)independent from the first, second, third, and fourth masks (MA, MB, RA,RB; Ma, Mb, Ra, Rb).

Method of implementation of an operation of multiplication (250; 300;400; 500) may be summarized as including multiplication of first data(A′; a′) masked with a first mask (MA; Ma) and of second data (B′; b′)masked with a second mask (MB; Mb), wherein: the first mask (MA; Ma) isreplaced with a third mask (RA; Ra) and the second mask is replaced witha fourth mask (RB; Rb); the multiplication operation (250; 300; 400;500) including at least one first compensation operation (302, 303; 402;502, 503) implemented by at least one first lookup table; and the resultdata (C′) of said multiplication operation (250; 300; 400; 500) arethird data corresponding to the multiplication of the first unmaskeddata (A; a) and of the second data (B; b) masked with a fifth mask (MC;Mc) independent from the first, second, third, and fourth masks (MA, MB,RA, RB; Ma, Mb, Ra, Rb).

The type of masking used may be a masking using a logic operation ofEXCLUSIVE OR type.

The multiplication operation (250; 300; 400; 500) may further includethe implementation of a first multiplication (301) of the first andsecond masked data (a′, b′).

Said implementation of a first multiplication (301) may include maskingand/or unmasking sub-operations (3011, 3013, 3014).

Said at least one compensation operation (302, 303; 402; 502, 503) mayenable to remove at least one term depending on the first or secondmasks (Ma, Mb) from the result of said first multiplication of the firstand second masked data (a′, b′).

The compensation operation (302, 303; 402; 502, 503) may implement afunction f satisfying the following inequality:

f(11)≠11  [Math 31]

where 11 is the binary representation of number 3.

According to an example, function f implements a function sqk defined bythe following mathematical formula:

sqk(x)=N·x ²  Math 32

wherein:

operator · designates the logic multiplication operation;

N is a scalar define in the way that sqk(x)=y, with x=x1x0 (x0 being theless significant bit, and x1 the most significant bit) and y=y1y0 (y0being the less significant bit, and y1 the most significant bit),results in y1=x0 and y0=x0 xor x1;

x² corresponds to the result of the operation x·x.

Said at least one compensation operation (302, 303; 402; 502, 503) mayinclude masking and/or unmasking sub-operations (3021, 3023, 3024, 3031,3033, 3034; 4021, 4022, 4024; 5021, 5023, 5031, 5033).

The multiplication operation (250; 300; 400; 500) may include theimplementation of at least one first correction operation (304, 305)enabling to remove at least one term depending on function f.

Said at least one correction operation (304, 305) may include maskingand/or unmasking sub-operations (3041, 3043, 3051, 3053).

Electronic device may be summarized as including adapting toimplementing the methods disclosed herein.

In an embodiment, a method comprises: multiplying, using an electronicdevice, first data masked with a first mask by second data masked with asecond mask; and protecting the first data and the second data duringthe multiplying. The multiplying and protecting includes: remasking thefirst data with a third mask; remasking the second data with a fourthmask; executing one or more compensation operations using one or morelook-up tables; and generating third data masked with a fifth mask. Thefifth mask is independent of the first, second, third, and fourth masks.The third data corresponds to the first data multiplied by the seconddata. In an embodiment, the method comprises using EXCLUSIVE OR typemasking. In an embodiment, the multiplying and protecting comprisesperforming a first multiplication of the first masked data and thesecond masked data. In an embodiment, the first multiplication comprisesapplying masking, unmasking, or masking and unmasking sub-operations. Inan embodiment, a compensation operation of the one or more compensationoperations removes at least one term depending on the first mask ordepending on the second mask from a result of said first multiplication.In an embodiment, a compensation operation of the one or morecompensation operations implements a function f satisfying the followinginequality:

f(11)≠11

where 11 is a binary representation of number 3. In an embodiment, thefunction f is a square-scale function sqk defined by:

sqk(x)=N·x ²

wherein:

operator · designates a logic multiplication operation;

N is a scalar satisfying sqk(x)=y, with x=x1x0 and y=y1y0, results iny1=x0 and y0=x0 xor x1, with x0 being the least significant bit and x1being the most significant bit, and y0 being the least significant bitand y1 being the most significant bit; and

x² corresponds to x·x.

In an embodiment, a compensation operation of the one or morecompensation operations comprises masking, unmasking, or masking andunmasking sub-operations. In an embodiment, the multiplying andprotecting comprises one or more correction operations removing at leastone term depending on function f. In an embodiment, a correctionoperation of said one or more correction operations comprises masking,unmasking, or masking and unmasking sub-operations. In an embodiment,the multiplying and protecting comprises: applying a first compensationoperation to a result of the first multiplication of the first maskeddata and the second masked data; applying a second compensationoperation to a result of the first compensation operation; applying afirst correction operation to the first masked data; applying a secondcorrection operation to the second masked data; and applying acombination operation combining results of the second compensationoperation, the first correction operation, and the second correctionoperation, generating the third data masked with the fifth mask. In anembodiment, the multiplying and protecting comprises: applying a firstcompensation operation to a result of the first multiplication of thefirst masked data and the second masked data; applying a firstcombination operation combining the result of the first multiplicationof the first masked data and the second masked data with a result of thefirst compensation operation; applying a first correction operation tothe first masked data; applying a second correction operation to thesecond masked data; and applying a second combination operationcombining results of the first combination operation, the firstcorrection operation, and the second correction operation, generatingthe third data masked with the fifth mask. In an embodiment, themultiplying and protecting comprises: applying a first compensationoperation to the first masked data; applying a second compensationoperation to the second masked data; applying a first correctionoperation to the first masked data; applying a second correctionoperation to the second masked data; and applying a combinationoperation combining results of: the first multiplication operation ofthe first masked data and the second masked data; the first compensationoperation; the second compensation operation; the first correctionoperation; and the second correction operation, generating the thirddata masked with the fifth mask.

In an embodiment, a device includes a memory, which, in operation,stores one or more look-up tables, and cryptographic circuitry coupledto the memory. The cryptographic circuitry, in operation, multipliesfirst data masked with a first mask by second data masked with a secondmask, and protects the first data and the second data during themultiplying. The multiplying and protecting includes remasking the firstdata with a third mask, remasking the second data with a fourth mask,executing one or more compensation operations using one or more of theone or more look-up tables, and generating third data masked with afifth mask. The fifth mask is independent of the first, second, third,and fourth masks. The third data corresponds to the first datamultiplied by the second data. In an embodiment, the cryptographiccircuitry, in operation, uses EXCLUSIVE OR type masking. In anembodiment, the cryptographic circuitry, in operation, performs a firstmultiplication of the first masked data and the second masked data. Inan embodiment, the first multiplication comprises applying masking,unmasking, or masking and unmasking sub-operations.

In an embodiment, a compensation operation of the one or morecompensation operations removes at least one term depending on the firstmask or depending on the second mask from a result of said firstmultiplication. In an embodiment, a compensation operation of the one ormore compensation operations implements a function f satisfying thefollowing inequality:

f(11)≠11

where 11 is a binary representation of number 3. In an embodiment, thefunction f is a square-scale function sqk defined by:

sqk(x)=N·x ²

wherein:

operator · designates a logic multiplication operation;

N is a scalar satisfying sqk(x)=y, with x=x1x0 and y=y1y0, results iny1=x0 and y0=x0 xor x1, with x0 being the least significant bit and x1being the most significant bit, and y0 being the least significant bitand y1 being the most significant bit; and

x² corresponds to x·x.

In an embodiment, a compensation operation of the one or morecompensation operations comprises masking, unmasking, or masking andunmasking sub-operations. In an embodiment, the multiplying andprotecting comprises one or more correction operations removing at leastone term depending on function f. In an embodiment, a correctionoperation of said one or more correction operations comprises masking,unmasking, or masking and unmasking sub-operations. In an embodiment,the cryptographic circuitry, in operation: applies a first compensationoperation to a result of the first multiplication of the first maskeddata and the second masked data; applies a second compensation operationto a result of the first compensation operation; applies a firstcorrection operation to the first masked data; applies a secondcorrection operation to the second masked data; and applies acombination operation combining results of the second compensationoperation, the first correction operation, and the second correctionoperation, generating the third data masked with the fifth mask. In anembodiment, the cryptographic circuitry, in operation: applies a firstcompensation operation to a result of the first multiplication of thefirst masked data and the second masked data; applies a firstcombination operation combining the result of the first multiplicationof the first masked data and the second masked data with a result of thefirst compensation operation; applies a first correction operation tothe first masked data; applies a second correction operation to thesecond masked data; and applies a second combination operation combiningresults of the first combination operation, the first correctionoperation, and the second correction operation, generating the thirddata masked with the fifth mask. In an embodiment, the cryptographiccircuitry, in operation: applies a first compensation operation to thefirst masked data; applies a second compensation operation to the secondmasked data; applies a first correction operation to the first maskeddata; applies a second correction operation to the second masked data;and applies a combination operation combining results of: the firstmultiplication operation of the first masked data and the second maskeddata; the first compensation operation; the second compensationoperation; the first correction operation; and the second correctionoperation, generating the third data masked with the fifth mask.

In an embodiment, a system comprises an application processor, which, inoperation, executes one or more applications, and cryptographiccircuitry coupled to the application processor. The cryptographiccircuitry, in operation, multiplies first data masked with a first maskby second data masked with a second mask, and protects the first dataand the second data during the multiplying. The multiplying andprotecting includes: remasking the first data with a third mask;remasking the second data with a fourth mask; executing one or morecompensation operations using one or more look-up tables; and generatingthird data masked with a fifth mask. The fifth mask is independent ofthe first, second, third, and fourth masks. The third data correspondsto the first data multiplied by the second data. In an embodiment, thecryptographic circuitry, in operation, performs a first multiplicationof the first masked data and the second masked data. In an embodiment, acompensation operation of the one or more compensation operationsimplements a function f satisfying the following inequality:

f(11)≠11

where 11 is a binary representation of number 3.

In an embodiment, a non-transitory computer-readable medium's contentsconfigure cryptographic circuitry to perform a method. The methodcomprises multiplying first data masked with a first mask by second datamasked with a second mask, and protecting the first data and the seconddata during the multiplying. The multiplying and protecting includes:remasking the first data with a third mask; remasking the second datawith a fourth mask; executing one or more compensation operations usingone or more look-up tables; and generating third data masked with afifth mask. The fifth mask is independent of the first, second, third,and fourth masks. The third data corresponds to the first datamultiplied by the second data. In an embodiment, the multiplying andprotecting comprises performing a first multiplication of the firstmasked data and the second masked data; and a compensation operation ofthe one or more compensation operations implements a function fsatisfying the following inequality:

f(11)≠11

where 11 is a binary representation of number 3. In an embodiment, thecontents comprise the one or more look-up tables. In an embodiment, thecontents comprise instructions executed by the cryptographic circuitry.

Some embodiments may take the form of or comprise computer programproducts. For example, according to one embodiment there is provided acomputer readable medium comprising a computer program adapted toperform one or more of the methods or functions described above. Themedium may be a physical storage medium, such as for example a Read OnlyMemory (ROM) chip, or a disk such as a Digital Versatile Disk (DVD-ROM),Compact Disk (CD-ROM), a hard disk, a memory, a network, or a portablemedia article to be read by an appropriate drive or via an appropriateconnection, including as encoded in one or more barcodes or otherrelated codes stored on one or more such computer-readable mediums andbeing readable by an appropriate reader device.

Furthermore, in some embodiments, some or all of the methods and/orfunctionality may be implemented or provided in other manners, such asat least partially in firmware and/or hardware, including, but notlimited to, one or more application-specific integrated circuits(ASICs), digital signal processors, discrete circuitry, logic gates,standard integrated circuits, controllers (e.g., by executingappropriate instructions, and including microcontrollers and/or embeddedcontrollers), field-programmable gate arrays (FPGAs), complexprogrammable logic devices (CPLDs), etc., as well as devices that employRFID technology, and various combinations thereof.

The various embodiments described above can be combined to providefurther embodiments. Aspects of the embodiments can be modified, ifnecessary to employ concepts of the various patents, applications andpublications to provide yet further embodiments.

These and other changes can be made to the embodiments in light of theabove-detailed description. In general, in the following claims, theterms used should not be construed to limit the claims to the specificembodiments disclosed in the specification and the claims, but should beconstrued to include all possible embodiments along with the full scopeof equivalents to which such claims are entitled. Accordingly, theclaims are not limited by the disclosure.

1. A method, comprising: multiplying, using an electronic device, firstdata masked with a first mask by second data masked with a second mask;and protecting the first data and the second data during themultiplying, the multiplying and protecting including: remasking thefirst data with a third mask; remasking the second data with a fourthmask; executing one or more compensation operations using one or morelook-up tables; and generating third data masked with a fifth mask,wherein: the fifth mask is independent of the first, second, third, andfourth masks; and the third data corresponds to the first datamultiplied by the second data.
 2. The method according to claim 1,comprising using EXCLUSIVE OR type masking.
 3. The method of claim 1,wherein the multiplying and protecting comprises performing a firstmultiplication of the first masked data and the second masked data. 4.The method according to claim 3, wherein said first multiplicationcomprises applying masking, unmasking, or masking and unmaskingsub-operations.
 5. The method according to claim 3, wherein acompensation operation of the one or more compensation operationsremoves at least one term depending on the first mask or depending onthe second mask from a result of said first multiplication.
 6. Themethod according to claim 1, wherein a compensation operation of the oneor more compensation operations implements a function f satisfying thefollowing inequality:f(11)≠11 where 11 is a binary representation of number
 3. 7. The methodaccording to claim 6, wherein the function f is a square-scale functionsqk defined by:sqk(x)=N·x ² wherein: operator · designates a logic multiplicationoperation; N is a scalar satisfying sqk(x)=y, with x=x1x0 and y=y1y0,results in y1=x0 and y0=x0 xor x1, with x0 being the least significantbit and x1 being the most significant bit, and y0 being the leastsignificant bit and y1 being the most significant bit; and x²corresponds to x·x.
 8. The method according to claim 1, wherein acompensation operation of the one or more compensation operationscomprises masking, unmasking, or masking and unmasking sub-operations.9. The method according to claim 6, wherein the multiplying andprotecting comprises one or more correction operations removing at leastone term depending on function f.
 10. The method according to claim 9,wherein a correction operation of said one or more correction operationscomprises masking, unmasking, or masking and unmasking sub-operations.11. The method of claim 3, wherein the multiplying and protectingcomprises: applying a first compensation operation to a result of thefirst multiplication of the first masked data and the second maskeddata; applying a second compensation operation to a result of the firstcompensation operation; applying a first correction operation to thefirst masked data; applying a second correction operation to the secondmasked data; and applying a combination operation combining results ofthe second compensation operation, the first correction operation, andthe second correction operation, generating the third data masked withthe fifth mask.
 12. The method of claim 3, wherein the multiplying andprotecting comprises: applying a first compensation operation to aresult of the first multiplication of the first masked data and thesecond masked data; applying a first combination operation combining theresult of the first multiplication of the first masked data and thesecond masked data with a result of the first compensation operation;applying a first correction operation to the first masked data; applyinga second correction operation to the second masked data; and applying asecond combination operation combining results of the first combinationoperation, the first correction operation, and the second correctionoperation, generating the third data masked with the fifth mask.
 13. Themethod of claim 3, wherein the multiplying and protecting comprises:applying a first compensation operation to the first masked data;applying a second compensation operation to the second masked data;applying a first correction operation to the first masked data; applyinga second correction operation to the second masked data; and applying acombination operation combining results of: the first multiplicationoperation of the first masked data and the second masked data; the firstcompensation operation; the second compensation operation; the firstcorrection operation; and the second correction operation, generatingthe third data masked with the fifth mask.
 14. A device, comprising: amemory, which, in operation, stores one or more look-up tables; andcryptographic circuitry coupled to the memory, wherein the cryptographiccircuitry, in operation: multiplies first data masked with a first maskby second data masked with a second mask; and protects the first dataand the second data during the multiplying, the multiplying andprotecting including: remasking the first data with a third mask;remasking the second data with a fourth mask; executing one or morecompensation operations using one or more of the one or more look-uptables; and generating third data masked with a fifth mask, wherein: thefifth mask is independent of the first, second, third, and fourth masks;and the third data corresponds to the first data multiplied by thesecond data.
 15. The device according to claim 14, wherein thecryptographic circuitry, in operation, uses EXCLUSIVE OR type masking.16. The device according to claim 14, wherein the cryptographiccircuitry, in operation, performs a first multiplication of the firstmasked data and the second masked data.
 17. The device according toclaim 16, wherein the first multiplication comprises applying masking,unmasking, or masking and unmasking sub-operations.
 18. The deviceaccording to claim 16, wherein a compensation operation of the one ormore compensation operations removes at least one term depending on thefirst mask or depending on the second mask from a result of said firstmultiplication.
 19. The device according to claim 14, wherein acompensation operation of the one or more compensation operationsimplements a function f satisfying the following inequality:f(11)≠11 where 11 is a binary representation of number
 3. 20. The deviceaccording to claim 19, wherein the function f is a square-scale functionsqk defined by:sqk(x)=N·x ² wherein: operator · designates a logic multiplicationoperation; N is a scalar satisfying sqk(x)=y, with x=x1x0 and y=y1y0,results in y1=x0 and y0=x0 xor x1, with x0 being the least significantbit and x1 being the most significant bit, and y0 being the leastsignificant bit and y1 being the most significant bit; and x²corresponds to x·x.
 21. The device according to claim 14, wherein acompensation operation of the one or more compensation operationscomprises masking, unmasking, or masking and unmasking sub-operations.22. The device according to claim 19, wherein the multiplying andprotecting comprises one or more correction operations removing at leastone term depending on function f.
 23. The device according to claim 22,wherein a correction operation of said one or more correction operationscomprises masking, unmasking, or masking and unmasking sub-operations.24. The device of claim 16, wherein the cryptographic circuitry, inoperation: applies a first compensation operation to a result of thefirst multiplication of the first masked data and the second maskeddata; applies a second compensation operation to a result of the firstcompensation operation; applies a first correction operation to thefirst masked data; applies a second correction operation to the secondmasked data; and applies a combination operation combining results ofthe second compensation operation, the first correction operation, andthe second correction operation, generating the third data masked withthe fifth mask.
 25. The device of claim 16, wherein the cryptographiccircuitry, in operation: applies a first compensation operation to aresult of the first multiplication of the first masked data and thesecond masked data; applies a first combination operation combining theresult of the first multiplication of the first masked data and thesecond masked data with a result of the first compensation operation;applies a first correction operation to the first masked data; applies asecond correction operation to the second masked data; and applies asecond combination operation combining results of the first combinationoperation, the first correction operation, and the second correctionoperation, generating the third data masked with the fifth mask.
 26. Thedevice of claim 16, wherein the cryptographic circuitry, in operation:applies a first compensation operation to the first masked data; appliesa second compensation operation to the second masked data; applies afirst correction operation to the first masked data; applies a secondcorrection operation to the second masked data; and applies acombination operation combining results of: the first multiplicationoperation of the first masked data and the second masked data; the firstcompensation operation; the second compensation operation; the firstcorrection operation; and the second correction operation, generatingthe third data masked with the fifth mask.
 27. A system, comprising: anapplication processor, which, in operation, executes one or moreapplications; and cryptographic circuitry coupled to the applicationprocessor, wherein the cryptographic circuitry, in operation: multipliesfirst data masked with a first mask by second data masked with a secondmask; and protects the first data and the second data during themultiplying, the multiplying and protecting including: remasking thefirst data with a third mask; remasking the second data with a fourthmask; executing one or more compensation operations using one or morelook-up tables; and generating third data masked with a fifth mask,wherein: the fifth mask is independent of the first, second, third, andfourth masks; and the third data corresponds to the first datamultiplied by the second data.
 28. The system according to claim 27,wherein the cryptographic circuitry, in operation, performs a firstmultiplication of the first masked data and the second masked data. 29.The system according to claim 28, wherein a compensation operation ofthe one or more compensation operations implements a function fsatisfying the following inequality:f(11)≠11 where 11 is a binary representation of number
 3. 30. Anon-transitory computer-readable medium having contents which configurecryptographic circuitry to perform a method, the method comprising:multiplying first data masked with a first mask by second data maskedwith a second mask; and protecting the first data and the second dataduring the multiplying, the multiplying and protecting including:remasking the first data with a third mask; remasking the second datawith a fourth mask; executing one or more compensation operations usingone or more look-up tables; and generating third data masked with afifth mask, wherein: the fifth mask is independent of the first, second,third, and fourth masks; and the third data corresponds to the firstdata multiplied by the second data.
 31. The non-transitorycomputer-readable medium of claim 30, wherein, the multiplying andprotecting comprises performing a first multiplication of the firstmasked data and the second masked data; and a compensation operation ofthe one or more compensation operations implements a function fsatisfying the following inequality:f(11)≠11 where 11 is a binary representation of number
 3. 32. Thenon-transitory computer-readable medium of claim 30, wherein thecontents comprise the one or more look-up tables.